Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 4ed6e8ad3c
Branches Tags
elasticsearch
/
docs
/
reference
/
data-streams
/
data-streams.asciidoc

data-streams.asciidoc 4.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128 
  1. [role="xpack"]
    2. 

  2. [[data-streams]]
    3. 

  3. = Data streams
    4. 

  4. ++++
    5. 

  5. <titleabbrev>Data streams</titleabbrev>
    6. 

  6. ++++
    7. 

  7. 

  8. A data stream lets you store append-only time series
    9. 

  9. data across multiple indices while giving you a single named resource for
    10. 

  10. requests. Data streams are well-suited for logs, events, metrics, and other
    11. 

  11. continuously generated data.
    12. 

  12. 

  13. You can submit indexing and search requests directly to a data stream. The
    14. 

  14. stream automatically routes the request to backing indices that store the
    15. 

  15. stream's data. You can use <<index-lifecycle-management,{ilm} ({ilm-init})>> to
    16. 

  16. automate the management of these backing indices. For example, you can use
    17. 

  17. {ilm-init} to automatically move older backing indices to less expensive
    18. 

  18. hardware and delete unneeded indices. {ilm-init} can help you reduce costs and
    19. 

  19. overhead as your data grows.
    20. 

  20. 

  21. [discrete]
    22. 

  22. [[backing-indices]]
    23. 

  23. == Backing indices
    24. 

  24. 

  25. A data stream consists of one or more <<index-hidden,hidden>>, auto-generated
    26. 

  26. backing indices.
    27. 

  27. 

  28. image::images/data-streams/data-streams-diagram.svg[align="center"]
    29. 

  29. 

  30. A data stream requires a matching <<index-templates,index template>>. The
    31. 

  31. template contains the mappings and settings used to configure the stream's
    32. 

  32. backing indices.
    33. 

  33. 

  34. // tag::timestamp-reqs[]
    35. 

  35. Every document indexed to a data stream must contain a `@timestamp` field,
    36. 

  36. mapped as a <<date,`date`>> or <<date_nanos,`date_nanos`>> field type. If the
    37. 

  37. index template doesn't specify a mapping for the `@timestamp` field, {es} maps
    38. 

  38. `@timestamp` as a `date` field with default options.
    39. 

  39. // end::timestamp-reqs[]
    40. 

  40. 

  41. The same index template can be used for multiple data streams. You cannot
    42. 

  42. delete an index template in use by a data stream.
    43. 

  43. 

  44. [discrete]
    45. 

  45. [[data-stream-read-requests]]
    46. 

  46. == Read requests
    47. 

  47. 

  48. When you submit a read request to a data stream, the stream routes the request
    49. 

  49. to all its backing indices.
    50. 

  50. 

  51. image::images/data-streams/data-streams-search-request.svg[align="center"]
    52. 

  52. 

  53. [discrete]
    54. 

  54. [[data-stream-write-index]]
    55. 

  55. == Write index
    56. 

  56. 

  57. The most recently created backing index is the data stream’s write index.
    58. 

  58. The stream adds new documents to this index only.
    59. 

  59. 

  60. image::images/data-streams/data-streams-index-request.svg[align="center"]
    61. 

  61. 

  62. You cannot add new documents to other backing indices, even by sending requests
    63. 

  63. directly to the index.
    64. 

  64. 

  65. You also cannot perform operations on a write index that may hinder indexing,
    66. 

  66. such as:
    67. 

  67. 

  68. * <<indices-clone-index,Clone>>
    69. 

  69. * <<indices-delete-index,Delete>>
    70. 

  70. * <<indices-shrink-index,Shrink>>
    71. 

  71. * <<indices-split-index,Split>>
    72. 

  72. 

  73. [discrete]
    74. 

  74. [[data-streams-rollover]]
    75. 

  75. == Rollover
    76. 

  76. 

  77. A <<indices-rollover-index,rollover>> creates a new backing index that becomes
    78. 

  78. the stream's new write index.
    79. 

  79. 

  80. We recommend using <<index-lifecycle-management,{ilm-init}>> to automatically
    81. 

  81. roll over data streams when the write index reaches a specified age or size.
    82. 

  82. If needed, you can also <<manually-roll-over-a-data-stream,manually roll over>>
    83. 

  83. a data stream.
    84. 

  84. 

  85. [discrete]
    86. 

  86. [[data-streams-generation]]
    87. 

  87. == Generation
    88. 

  88. 

  89. Each data stream tracks its generation: a six-digit, zero-padded integer that
    90. 

  90. acts as a cumulative count of the stream's rollovers, starting at `000001`.
    91. 

  91. 

  92. When a backing index is created, the index is named using the following
    93. 

  93. convention:
    94. 

  94. 

  95. [source,text]
    96. 

  96. ----
    97. 

  97. .ds-<data-stream>-<yyyy.MM.dd>-<generation>
    98. 

  98. ----
    99. 

  99. 

  100. `<yyyy.MM.dd>` is the backing index's creation date. Backing indices with a
    101. 

  101. higher generation contain more recent data. For example, the `web-server-logs`
    102. 

  102. data stream has a generation of `34`. The stream's most recent backing index,
    103. 

  103. created on 7 March 2099, is named `.ds-web-server-logs-2099.03.07-000034`.
    104. 

  104. 

  105. Some operations, such as a <<indices-shrink-index,shrink>> or
    106. 

  106. <<snapshots-restore-snapshot,restore>>, can change a backing index's name.
    107. 

  107. These name changes do not remove a backing index from its data stream.
    108. 

  108. 

  109. [discrete]
    110. 

  110. [[data-streams-append-only]]
    111. 

  111. == Append-only
    112. 

  112. 

  113. Data streams are designed for use cases where existing data is rarely,
    114. 

  114. if ever, updated. You cannot send update or deletion requests for existing
    115. 

  115. documents directly to a data stream. Instead, use the
    116. 

  116. <<update-docs-in-a-data-stream-by-query,update by query>> and
    117. 

  117. <<delete-docs-in-a-data-stream-by-query,delete by query>> APIs.
    118. 

  118. 

  119. If needed, you can <<update-delete-docs-in-a-backing-index,update or delete
    120. 

  120. documents>> by submitting requests directly to the document's backing index.
    121. 

  121. 

  122. TIP: If you frequently update or delete existing time series data, use an index
    123. 

  123. alias with a write index instead of a data stream. See
    124. 

  124. <<manage-time-series-data-without-data-streams>>.
    125. 

  125. 

  126. include::set-up-a-data-stream.asciidoc[]
    127. 

  127. include::use-a-data-stream.asciidoc[]
    128. 

  128. include::change-mappings-and-settings.asciidoc[]
    129.